Ferraiolo, D.
and Kuhn, D.
(1992),
Role-Based Access Controls, 15th National Computer Security Conference, Baltimore, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=916401
(Accessed May 1, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Role-Based Access Controls
Published
Author(s)
,
Abstract
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that reliance on DAC as the principal method of access control is unfounded and inappropriate for many commercial and civilian government organizations. The paper describes a type of non-discretionary access control: role-based access control (RBAC) that is more central to the secure processing needs of non-military systems than DAC.Proceedings Title
15th National Computer Security Conference
Conference Dates
October 13-16, 1992
Conference Location
Baltimore, MD
Pub Type
Conferences
Download Paper
Keywords
access control, computer security, discretionary access control, integrity, mandatory access control, role, RBAC, role based access control, TCSEC
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.
Created October 13, 1992, Updated February 19, 2017